def test_duplicate_method(self): # Having the same method twice doesn't cause load_auth_methods to fail. self.useFixture( auth_plugins.ConfigAuthPlugins(self.config_fixture, ['external', 'external'])) auth.core.load_auth_methods() self.assertIn('external', auth.core.AUTH_METHODS)
def test_load_openid_ifca(self): method_name = "openid" with mock.patch.object(auth_plugin.OpenIDConnect, 'authenticate', return_value=None) as authenticate: self.useFixture( auth_plugins.ConfigAuthPlugins(self.config_fixture, [method_name], openid="ifca")) self.useFixture(auth_plugins.LoadAuthPlugins(method_name)) auth_data = { 'identity': { 'methods': [method_name], method_name: { 'protocol': method_name }, } } auth_info = auth.core.AuthInfo.create(auth_data) auth_context = auth.core.AuthContext(method_names=[], user_id=uuid.uuid4().hex) with self.make_request(): authentication.authenticate(auth_info, auth_context) # make sure Mapped plugin got invoked with the correct payload ((auth_payload, ), kwargs) = authenticate.call_args self.assertEqual(method_name, auth_payload['protocol'])
def test_addition_auth_steps(self, stevedore_mock): simple_challenge_plugin = SimpleChallengeResponse() extension = stevedore.extension.Extension(name='simple_challenge', entry_point=None, plugin=None, obj=simple_challenge_plugin) test_manager = stevedore.DriverManager.make_test_instance(extension) stevedore_mock.return_value = test_manager self.useFixture( auth_plugins.ConfigAuthPlugins(self.config_fixture, methods=[METHOD_NAME])) self.useFixture(auth_plugins.LoadAuthPlugins(METHOD_NAME)) auth_data = {'methods': [METHOD_NAME]} auth_data[METHOD_NAME] = {'test': 'test'} auth_data = {'identity': auth_data} auth_info = auth.core.AuthInfo.create(auth_data) auth_context = auth.core.AuthContext(method_names=[]) try: with self.make_request(): authentication.authenticate(auth_info, auth_context) except exception.AdditionalAuthRequired as e: self.assertIn('methods', e.authentication) self.assertIn(METHOD_NAME, e.authentication['methods']) self.assertIn(METHOD_NAME, e.authentication) self.assertIn('challenge', e.authentication[METHOD_NAME]) # test correct response auth_data = {'methods': [METHOD_NAME]} auth_data[METHOD_NAME] = {'response': EXPECTED_RESPONSE} auth_data = {'identity': auth_data} auth_info = auth.core.AuthInfo.create(auth_data) auth_context = auth.core.AuthContext(method_names=[]) with self.make_request(): authentication.authenticate(auth_info, auth_context) self.assertEqual(DEMO_USER_ID, auth_context['user_id']) # test incorrect response auth_data = {'methods': [METHOD_NAME]} auth_data[METHOD_NAME] = {'response': uuid.uuid4().hex} auth_data = {'identity': auth_data} auth_info = auth.core.AuthInfo.create(auth_data) auth_context = auth.core.AuthContext(method_names=[]) with self.make_request(): self.assertRaises(exception.Unauthorized, authentication.authenticate, auth_info, auth_context)
def test_addition_auth_steps(self): self.useFixture( auth_plugins.ConfigAuthPlugins(self.config_fixture, methods=[METHOD_NAME], **METHOD_OPTS)) self.useFixture(auth_plugins.LoadAuthPlugins(METHOD_NAME)) auth_data = {'methods': [METHOD_NAME]} auth_data[METHOD_NAME] = { 'test': 'test'} auth_data = {'identity': auth_data} auth_info = auth.controllers.AuthInfo.create(auth_data) auth_context = auth.controllers.AuthContext(extras={}, method_names=[]) try: self.api.authenticate(self.make_request(), auth_info, auth_context) except exception.AdditionalAuthRequired as e: self.assertIn('methods', e.authentication) self.assertIn(METHOD_NAME, e.authentication['methods']) self.assertIn(METHOD_NAME, e.authentication) self.assertIn('challenge', e.authentication[METHOD_NAME]) # test correct response auth_data = {'methods': [METHOD_NAME]} auth_data[METHOD_NAME] = { 'response': EXPECTED_RESPONSE} auth_data = {'identity': auth_data} auth_info = auth.controllers.AuthInfo.create(auth_data) auth_context = auth.controllers.AuthContext(extras={}, method_names=[]) self.api.authenticate(self.make_request(), auth_info, auth_context) self.assertEqual(DEMO_USER_ID, auth_context['user_id']) # test incorrect response auth_data = {'methods': [METHOD_NAME]} auth_data[METHOD_NAME] = { 'response': uuid.uuid4().hex} auth_data = {'identity': auth_data} auth_info = auth.controllers.AuthInfo.create(auth_data) auth_context = auth.controllers.AuthContext(extras={}, method_names=[]) self.assertRaises(exception.Unauthorized, self.api.authenticate, self.make_request(), auth_info, auth_context)